[TOOL] A Simple Oracle Installation Security Scanner
From: support@securiteam.comDate: 01/13/02
- Previous message: support@securiteam.com: "[NT] AOLserver Unauthorized File Disclosure Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sun, 13 Jan 2002 23:46:39 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
A Simple Oracle Installation Security Scanner
------------------------------------------------------------------------
DETAILS
The following simple Oracle scanner can help administrators review some
basic aspects of an Oracle installation.
Checks preformed:
1) Default Users - Check for Known Passwords
2) Check for User Passwords that are Easy to Guess
3) Connect as INTERNAL
4) Check for Users Who Have the Privilege "DBA"
5) Check For Users and Roles that Have Privileges With "ANY" Included
6) Check For Users That Have "with admin" or "with grant"
7) Check External Users
8) System Privileges - ALTER SYSTEM and CREATE LIBRARY
9) utl_file_dir Location
10) Database Links That Have Clear Text Passwords
Tool:
-- ---------------------------------------------------------------------------- -- -- -- PENTEST LIMITED -- -- --------------- -- -- -- -- File Name : %M%.%R% -- -- Author : Pete Finnigan ( Pentest Limited ) -- -- Date : November 2001 -- -- -- -- Description -- -- ----------- -- -- -- -- Simple Oracle scanner to review some basic aspects of an Oracle -- -- installation. -- -- -- -- Version History -- -- =============== -- -- -- -- Who Ver Date Description -- -- ------- ----- -------- ------------------------------ -- -- PF 1.0 Dec 2001 First Issue ---- ---------------------------------------------------------------------------- -- set up SQL*PLUS -- ---------------------------------------------------------------------------- whenever sqlerror exit rollback
set head on set feed on set linesize 80 set termout on set serveroutput on size 1000000
-- ---------------------------------------------------------------------------- -- capture the output -- ---------------------------------------------------------------------------- spool scanner.lis
-- ---------------------------------------------------------------------------- -- create an anonymouse block to scan with -- ----------------------------------------------------------------------------
declare type user_tab is table of varchar2(30) index by binary_integer; type pwd_tab is table of varchar2(30) index by binary_integer; type hash_tab is table of varchar2(16) index by binary_integer; username user_tab; password pwd_tab; hash hash_tab; tab_key binary_integer:=1; i binary_integer:=1; -- cursor c_user is select username, password from dba_users; -- cursor c_utl_cur is select rtrim(name) name, rtrim(value) value from v$parameter where name='utl_file_dir'; -- cursor c_trace is select rtrim(name) name, decode(rtrim(value),NULL,'NULL',rtrim(value)) value from v$parameter where name like '%dest%'; -- cursor c_utl_trace is select rtrim(a.name) name from v$parameter a, v$parameter b where a.name='utl_file_dir' and b.name like '%dest%' and a.value=b.value; -- cursor c_sys_priv (cp_priv in dba_sys_privs.privilege%type) is select grantee, privilege from dba_sys_privs where privilege like cp_priv; -- cursor c_admin is select grantee, privilege priv from dba_sys_privs where admin_option='YES' union select grantee, granted_role priv from dba_role_privs where admin_option='YES'; -- cursor c_grant is select grantee, privilege, table_name from dba_tab_privs where grantable='YES' union select grantee, privilege, table_name from dba_col_privs where grantable='YES'; -- cursor c_ext is select username from dba_users where password='EXTERNAL'; -- cursor c_dba is select grantee from dba_role_privs where granted_role='DBA'; -- cursor c_links is select name, host, userid, password, authusr, authpwd from sys.link$ where password is not null; -- lv_sys_priv c_sys_priv%rowtype; lv_utl_cur c_utl_cur%rowtype; lv_trace c_trace%rowtype; lv_utl_trace c_utl_trace%rowtype; -- found number:=0; -- begin
-- manually load the user list into the tables
tab_key:=1; username(tab_key):='ADAMS'; password(tab_key):='WOOD'; hash(tab_key):='72CDEF4A3483F60D'; -- tab_key:=2; username(tab_key):='ADLDEMO'; password(tab_key):='ADLDEMO'; hash(tab_key):='147215F51929A6E8'; -- tab_key:=3; username(tab_key):='APPLSYS'; password(tab_key):='FND'; hash(tab_key):='0F886772980B8C79'; -- tab_key:=4; username(tab_key):='APPLYSYSPUB'; password(tab_key):='PUB'; hash(tab_key):='A5E09E84EC486FC9'; -- tab_key:=5; username(tab_key):='APPS'; password(tab_key):='APPS'; hash(tab_key):='D728438E8A5925E0'; -- tab_key:=6; username(tab_key):='AQDEMO'; password(tab_key):='AQDEMO'; hash(tab_key):='5140E342712061DD'; -- tab_key:=7; username(tab_key):='AQJAVA'; password(tab_key):='AQJAVA'; hash(tab_key):='8765D2543274B42E'; -- tab_key:=8; username(tab_key):='AQUSER'; password(tab_key):='AQUSER'; hash(tab_key):='4CF13BDAC1D7511C'; -- tab_key:=9; username(tab_key):='AUDIOUSER'; password(tab_key):='AUDIOUSER'; hash(tab_key):='CB4F2CEC5A352488'; -- tab_key:=10; username(tab_key):='AURORA$ORB$UNAUTHENTICATED'; password(tab_key):='INVALID'; hash(tab_key):='80C099F0EADF877E'; -- tab_key:=11; username(tab_key):='BLAKE'; password(tab_key):='PAPER'; hash(tab_key):='9435F2E60569158E'; -- tab_key:=12; username(tab_key):='CATALOG'; password(tab_key):='CATALOG'; hash(tab_key):='397129246919E8DA'; -- tab_key:=13; username(tab_key):='CDEMO82'; password(tab_key):='CDEMO83'; hash(tab_key):='7299A5E2A5A05820'; -- tab_key:=14; username(tab_key):='CDEMOCOR'; password(tab_key):='CDEMOCOR'; hash(tab_key):='3A34F0B26B951F3F'; -- tab_key:=15; username(tab_key):='CDEMOUCB'; password(tab_key):='CDEMOUCB'; hash(tab_key):='CEAE780F25D556F8'; -- tab_key:=16; username(tab_key):='CDEMORID'; password(tab_key):='CDEMORID'; hash(tab_key):='E39CEFE64B73B308'; -- tab_key:=17; username(tab_key):='CENTRA'; password(tab_key):='CENTRA'; hash(tab_key):='63BF5FFE5E3EA16D'; -- tab_key:=18; username(tab_key):='CLARK'; password(tab_key):='CLOTH'; hash(tab_key):='7AAFE7D01511D73F'; -- tab_key:=19; username(tab_key):='COMPANY'; password(tab_key):='COMPANY'; hash(tab_key):='402B659C15EAF6CB'; -- tab_key:=20; username(tab_key):='CSMIG'; password(tab_key):='CSMIG'; hash(tab_key):='09B4BB013FBD0D65'; -- tab_key:=21; username(tab_key):='CTXDEMO'; password(tab_key):='CTXDEMO'; hash(tab_key):='CB6B5E9D9672FE89'; -- tab_key:=22; username(tab_key):='CTXSYS'; password(tab_key):='CTXSYS'; hash(tab_key):='24ABAB8B06281B4C'; -- tab_key:=23; username(tab_key):='DBSNMP'; password(tab_key):='DBSNMP'; hash(tab_key):='E066D214D5421CCC'; -- tab_key:=24; username(tab_key):='DEMO'; password(tab_key):='DEMO'; hash(tab_key):='4646116A123897CF'; -- tab_key:=25; username(tab_key):='DEMO8'; password(tab_key):='DEMO9'; hash(tab_key):='0E7260738FDFD678'; -- tab_key:=26; username(tab_key):='EMP'; password(tab_key):='EMP'; hash(tab_key):='B40C23C6E2B4EA3D'; -- tab_key:=27; username(tab_key):='EVENT'; password(tab_key):='EVENT'; hash(tab_key):='7CA0A42DA768F96D'; -- tab_key:=28; username(tab_key):='FINANCE'; password(tab_key):='FINANCE'; hash(tab_key):='6CBBF17292A1B9AA'; -- tab_key:=29; username(tab_key):='FND'; password(tab_key):='FND'; hash(tab_key):='0C0832F8B6897321'; -- tab_key:=30; username(tab_key):='GPFD'; password(tab_key):='GPFD'; hash(tab_key):='BA787E988F8BC424'; -- tab_key:=31; username(tab_key):='GPLD'; password(tab_key):='GPLD'; hash(tab_key):='9D561E4D6585824B'; -- tab_key:=32; username(tab_key):='HR'; password(tab_key):='HR'; hash(tab_key):='4C6D73C3E8B0F0DA'; -- tab_key:=33; username(tab_key):='HLW'; password(tab_key):='HLW'; hash(tab_key):='855296220C095810'; -- tab_key:=34; username(tab_key):='IMAGEUSER'; password(tab_key):='IMAGEUSER'; hash(tab_key):='E079BF5E433F0B89'; -- tab_key:=35; username(tab_key):='IMEDIA'; password(tab_key):='IMEDIA'; hash(tab_key):='8FB1DC9A6F8CE827'; -- tab_key:=36; username(tab_key):='JONES'; password(tab_key):='STEEL'; hash(tab_key):='B9E99443032F059D'; -- tab_key:=37; username(tab_key):='JMUSER'; password(tab_key):='JMUSER'; hash(tab_key):='063BA85BF749DF8E'; -- tab_key:=38; username(tab_key):='LBACSYS'; password(tab_key):='LBACSYS'; hash(tab_key):='AC9700FD3F1410EB'; -- tab_key:=39; username(tab_key):='MDSYS'; password(tab_key):='MDSYS'; hash(tab_key):='9AAEB2214DCC9A31'; -- tab_key:=40; username(tab_key):='MFG'; password(tab_key):='MFG'; hash(tab_key):='FC1B0DD35E790847'; -- tab_key:=41; username(tab_key):='MIGRATE'; password(tab_key):='MIGRATE'; hash(tab_key):='5A88CE52084E9700'; -- tab_key:=42; username(tab_key):='MILLER'; password(tab_key):='MILLER'; hash(tab_key):='D0EFCD03C95DF106'; -- tab_key:=43; username(tab_key):='MMO2'; password(tab_key):='MMO3'; hash(tab_key):='AE128772645F6709'; -- tab_key:=44; username(tab_key):='MODTEST'; password(tab_key):='YES'; hash(tab_key):='BBFF58334CDEF86D'; -- tab_key:=45; username(tab_key):='MOREAU'; password(tab_key):='MOREAU'; hash(tab_key):='CF5A081E7585936B'; -- tab_key:=46; username(tab_key):='NAMES'; password(tab_key):='NAMES'; hash(tab_key):='9B95D28A979CC5C4'; -- tab_key:=47; username(tab_key):='MTSSYS'; password(tab_key):='MTSSYS'; hash(tab_key):='6465913FF5FF1831'; -- tab_key:=48; username(tab_key):='MXAGENT'; password(tab_key):='MXAGENT'; hash(tab_key):='C5F0512A64EB0E7F'; -- tab_key:=49; username(tab_key):='OCITEST'; password(tab_key):='OCITEST'; hash(tab_key):='C09011CB0205B347'; -- tab_key:=50; username(tab_key):='ODS'; password(tab_key):='ODS'; hash(tab_key):='89804494ADFC71BC'; -- tab_key:=51; username(tab_key):='ODSCOMMON'; password(tab_key):='ODSCOMMON'; hash(tab_key):='59BBED977430C1A8'; -- tab_key:=52; username(tab_key):='OE'; password(tab_key):='OE'; hash(tab_key):='D1A2DFC623FDA40A'; -- tab_key:=53; username(tab_key):='OEMADM'; password(tab_key):='OEMADM'; hash(tab_key):='9DCE98CCF541AAE6'; -- tab_key:=54; username(tab_key):='OLAPDBA'; password(tab_key):='OLAPDBA'; hash(tab_key):='1AF71599EDACFB00'; -- tab_key:=55; username(tab_key):='OLAPSVR'; password(tab_key):='INSTANCE'; hash(tab_key):='AF52CFD036E8F425'; -- tab_key:=56; username(tab_key):='OLAPSYS'; password(tab_key):='MANAGER'; hash(tab_key):='3FB8EF9DB538647C'; -- tab_key:=57; username(tab_key):='ORAREGSYS'; password(tab_key):='ORAREGSYS'; hash(tab_key):='28D778112C63CB15'; -- tab_key:=58; username(tab_key):='ORDPLUGINS'; password(tab_key):='ORDPLUGINS'; hash(tab_key):='88A2B2C183431F00'; -- tab_key:=59; username(tab_key):='ORDSYS'; password(tab_key):='ORDSYS'; hash(tab_key):='7EFA02EC7EA6B86F'; -- tab_key:=60; username(tab_key):='OUTLN'; password(tab_key):='OUTLN'; hash(tab_key):='4A3BA55E08595C81'; -- tab_key:=61; username(tab_key):='PERFSTAT'; password(tab_key):='PERFSTAT'; hash(tab_key):='AC98877DE1297365'; -- tab_key:=62; username(tab_key):='PM'; password(tab_key):='PM'; hash(tab_key):='C7A235E6D2AF6018'; -- tab_key:=63; username(tab_key):='PO'; password(tab_key):='PO'; hash(tab_key):='355CBEC355C10FEF'; -- tab_key:=64; username(tab_key):='PO8'; password(tab_key):='PO8'; hash(tab_key):='7E15FBACA7CDEBEC'; -- tab_key:=65; username(tab_key):='PO7'; password(tab_key):='PO7'; hash(tab_key):='6B870AF28F711204'; -- tab_key:=66; username(tab_key):='PORTAL30'; password(tab_key):='PORTAL31'; hash(tab_key):='D373ABE86992BE68'; -- tab_key:=67; username(tab_key):='PORTAL30_DEMO'; password(tab_key):='PORTAL30_DEMO'; hash(tab_key):='CFD1302A7F832068'; -- tab_key:=68; username(tab_key):='PORTAL30_PUBLIC'; password(tab_key):='PORTAL30_PUBLIC'; hash(tab_key):='42068201613CA6E2'; -- tab_key:=69; username(tab_key):='PORTAL30_SSO'; password(tab_key):='PORTAL30_SSO'; hash(tab_key):='882B80B587FCDBC8'; -- tab_key:=70; username(tab_key):='PORTAL30_SSO_PS'; password(tab_key):='PORTAL30_SSO_PS'; hash(tab_key):='F2C3DC8003BC90F8'; -- tab_key:=71; username(tab_key):='PORTAL30_SSO_PUBLIC'; password(tab_key):='PORTAL30_SSO_PUBLIC'; hash(tab_key):='98741BDA2AC7FFB2'; -- tab_key:=72; username(tab_key):='POWERCARTUSER'; password(tab_key):='POWERCARTUSER'; hash(tab_key):='2C5ECE3BEC35CE69'; -- tab_key:=73; username(tab_key):='PRIMARY'; password(tab_key):='PRIMARY'; hash(tab_key):='70C3248DFFB90152'; -- tab_key:=74; username(tab_key):='PUBSUB'; password(tab_key):='PUBSUB'; hash(tab_key):='80294AE45A46E77B'; -- tab_key:=75; username(tab_key):='QS'; password(tab_key):='QS'; hash(tab_key):='4603BCD2744BDE4F'; -- tab_key:=76; username(tab_key):='QS_ADM'; password(tab_key):='QS_ADM'; hash(tab_key):='3990FB418162F2A0'; -- tab_key:=77; username(tab_key):='QS_CB'; password(tab_key):='QS_CB'; hash(tab_key):='870C36D8E6CD7CF5'; -- tab_key:=78; username(tab_key):='QS_CBADM'; password(tab_key):='QS_CBADM'; hash(tab_key):='20E788F9D4F1D92C'; -- tab_key:=79; username(tab_key):='QS_CS'; password(tab_key):='QS_CS'; hash(tab_key):='2CA6D0FC25128CF3'; -- tab_key:=80; username(tab_key):='QS_ES'; password(tab_key):='QS_ES'; hash(tab_key):='9A5F2D9F5D1A9EF4'; -- tab_key:=81; username(tab_key):='QS_OS'; password(tab_key):='QS_OS'; hash(tab_key):='0EF5997DC2638A61'; -- tab_key:=82; username(tab_key):='QS_WS'; password(tab_key):='QS_WS'; hash(tab_key):='0447F2F756B4F460'; -- tab_key:=83; username(tab_key):='RE'; password(tab_key):='RE'; hash(tab_key):='933B9A9475E882A6'; -- tab_key:=84; username(tab_key):='REPADMIN'; password(tab_key):='REPADMIN'; hash(tab_key):='915C93F34954F5F8'; -- tab_key:=85; username(tab_key):='RMAIL'; password(tab_key):='RMAIL'; hash(tab_key):='DA4435BBF8CAE54C'; -- tab_key:=86; username(tab_key):='RMAN'; password(tab_key):='RMAN'; hash(tab_key):='E7B5D92911C831E1'; -- tab_key:=87; username(tab_key):='SAMPLE'; password(tab_key):='SAMPLE'; hash(tab_key):='E74B15A3F7A19CA8'; -- tab_key:=88; username(tab_key):='SCOTT'; password(tab_key):='TIGER'; hash(tab_key):='F894844C34402B67'; -- tab_key:=89; username(tab_key):='SDOS_ICSAP'; password(tab_key):='SDOS_ICSAP'; hash(tab_key):='C789210ACC24DA16'; -- tab_key:=90; username(tab_key):='SECDEMO'; password(tab_key):='SECDEMO'; hash(tab_key):='009BBE8142502E10'; -- tab_key:=91; username(tab_key):='SH'; password(tab_key):='SH'; hash(tab_key):='54B253CBBAAA8C48'; -- tab_key:=92; username(tab_key):='SYS'; password(tab_key):='CHANGE_ON_INSTALL'; hash(tab_key):='D4C5016086B2DC6A'; -- tab_key:=93; username(tab_key):='SYSADM'; password(tab_key):='SYSADM'; hash(tab_key):='BA3E855E93B5B9B0'; -- tab_key:=94; username(tab_key):='SYSTEM'; password(tab_key):='MANAGER'; hash(tab_key):='D4DF7931AB130E37'; -- tab_key:=95; username(tab_key):='TAHITI'; password(tab_key):='TAHITI'; hash(tab_key):='F339612C73D27861'; -- tab_key:=96; username(tab_key):='TDOS_ICSAP'; password(tab_key):='TDOS_ICSAP'; hash(tab_key):='7C0900F751723768'; -- tab_key:=97; username(tab_key):='TRACESVR'; password(tab_key):='TRACE'; hash(tab_key):='F9DA8977092B7B81'; -- tab_key:=98; username(tab_key):='TSDEV'; password(tab_key):='TSDEV'; hash(tab_key):='29268859446F5A8C'; -- tab_key:=99; username(tab_key):='TSUSER'; password(tab_key):='TSUSER'; hash(tab_key):='90C4F894E2972F08'; -- tab_key:=100; username(tab_key):='USER0'; password(tab_key):='USER0'; hash(tab_key):='8A0760E2710AB0B4'; -- tab_key:=101; username(tab_key):='USER1'; password(tab_key):='USER1'; hash(tab_key):='BBE7786A584F9103'; -- tab_key:=102; username(tab_key):='USER2'; password(tab_key):='USER2'; hash(tab_key):='1718E5DBB8F89784'; -- tab_key:=103; username(tab_key):='USER3'; password(tab_key):='USER3'; hash(tab_key):='94152F9F5B35B103'; -- tab_key:=104; username(tab_key):='USER4'; password(tab_key):='USER4'; hash(tab_key):='2907B1BFA9DA5091'; -- tab_key:=105; username(tab_key):='USER5'; password(tab_key):='USER5'; hash(tab_key):='6E97FCEA92BAA4CB'; -- tab_key:=106; username(tab_key):='USER6'; password(tab_key):='USER6'; hash(tab_key):='F73E1A76B1E57F3D'; -- tab_key:=107; username(tab_key):='USER7'; password(tab_key):='USER7'; hash(tab_key):='3E9C94488C1A3908'; -- tab_key:=108; username(tab_key):='USER8'; password(tab_key):='USER8'; hash(tab_key):='D148049C2780B869'; -- tab_key:=109; username(tab_key):='USER9'; password(tab_key):='USER9'; hash(tab_key):='0487AFEE55ECEE66'; -- tab_key:=110; username(tab_key):='UTLBSTATU'; password(tab_key):='UTLESTAT'; hash(tab_key):='C42D1FA3231AB025'; -- tab_key:=111; username(tab_key):='VIDEOUSER'; password(tab_key):='VIDEOUSER'; hash(tab_key):='29ECA1F239B0F7DF'; -- tab_key:=112; username(tab_key):='VIF_DEVELOPER'; password(tab_key):='VIF_DEV_PWD'; hash(tab_key):='9A7DCB0C1D84C488'; -- tab_key:=113; username(tab_key):='VIRUSER'; password(tab_key):='VIRUSER'; hash(tab_key):='404B03707BF5CEA3'; -- tab_key:=114; username(tab_key):='VRR1'; password(tab_key):='VRR2'; hash(tab_key):='811C49394C921D66'; -- tab_key:=115; username(tab_key):='WEBDB'; password(tab_key):='WEBDB'; hash(tab_key):='D4C4DCDD41B05A5D'; -- tab_key:=116; username(tab_key):='WKSYS'; password(tab_key):='WKSYS'; hash(tab_key):='545E13456B7DDEA0'; --
-- check all users in the database and see if defaults are set still
dbms_output.put_line('Check default user passwords'); dbms_output.put_line('============================'); for lv_user in c_user loop for i in 1..tab_key loop if lv_user.username=username(i) then if lv_user.password=hash(i) then dbms_output.put_line('Default : ' ||username(i)||' passwd is :' ||password(i)); exit; end if; end if; end loop; end loop;
-- check for some of the dangerous privileges -- -- ALTER SYSTEM
found:=0; dbms_output.put_line('.'); dbms_output.put_line('Display Users that have the "ALTER SYSTEM" privilege'); dbms_output.put_line('===================================================='); for lv_sys_priv in c_sys_priv('ALTER SYSTEM') loop dbms_output.put_line(lv_sys_priv.privilege||' :'||lv_sys_priv.grantee); end loop;
-- check for CREATE LIBRARY
dbms_output.put_line('.'); dbms_output.put_line('Display Users that have the "CREATE LIBRARY" privilege'); dbms_output.put_line('======================================================'); for lv_sys_priv in c_sys_priv('CREATE%LIBRARY') loop dbms_output.put_line(lv_sys_priv.privilege||' :'||lv_sys_priv.grantee); end loop;
-- check the location of utl_file_dir and ensure its not the same as -- the trace directories
found:=0; dbms_output.put_line('.'); dbms_output.put_line('Dislay utl_file_dir'); dbms_output.put_line('==================='); open c_utl_cur; loop fetch c_utl_cur into lv_utl_cur; if c_utl_cur%notfound then if found=0 then dbms_output.put_line('utl_file_dir is not set'); end if; exit; else found:=1; dbms_output.put_line('utl_file_dir is '||rtrim(lv_utl_cur.value)); end if; end loop; close c_utl_cur; dbms_output.put_line('.'); dbms_output.put_line('Dislay destinations'); dbms_output.put_line('==================='); found:=0; open c_trace; loop fetch c_trace into lv_trace; if c_trace%notfound then if found=0 then dbms_output.put_line('no trace directories set'); end if; exit; else found:=1; dbms_output.put_line(rtrim(lv_trace.name) ||' is '||rtrim(lv_trace.value)); end if; end loop; close c_trace;
-- check if the utl_file_dir clashes with any of the dest directions
dbms_output.put_line('.'); dbms_output.put_line('Display any clash between utl_file_dir and destination direcories'); dbms_output.put_line('================================================================='); found:=0; open c_utl_trace; loop fetch c_utl_trace into lv_utl_trace; if c_utl_trace%notfound then if found=0 then dbms_output.put_line('No apparent match between utl_file_dir and dest directories'); end if; exit; else dbms_output.put_line(lv_utl_trace.name||' matches utl_file_dir'); end if; end loop; close c_utl_trace;
-- check for users with the DBA privilege
dbms_output.put_line('.'); dbms_output.put_line('Check for users with "DBA" privilege'); dbms_output.put_line('===================================='); for lv_dba in c_dba loop dbms_output.put_line(lv_dba.grantee); end loop;
-- check out which users have ANY
dbms_output.put_line('.'); dbms_output.put_line('Check for users with "ANY" privilege'); dbms_output.put_line('===================================='); for lv_sys_priv in c_sys_priv('%ANY%') loop dbms_output.put_line(lv_sys_priv.privilege||' :'||lv_sys_priv.grantee); end loop;
-- check out users or roles that have "with admin" dbms_output.put_line('.'); dbms_output.put_line('Check for users or roles the have "with admin"'); dbms_output.put_line('=============================================='); for lv_admin in c_admin loop dbms_output.put_line(lv_admin.priv||' :'||lv_admin.grantee); end loop;
-- check out which privileges have with with grant dbms_output.put_line('.'); dbms_output.put_line('Check for users and roles that have "grantable"'); dbms_output.put_line('==============================================='); for lv_grant in c_grant loop dbms_output.put_line(lv_grant.privilege||' :' ||lv_grant.table_name||' :'||lv_grant.grantee); end loop;
-- check out external users
dbms_output.put_line('.'); dbms_output.put_line('Display External Users'); dbms_output.put_line('======================'); for lv_ext in c_ext loop dbms_output.put_line(lv_ext.username); end loop;
-- check out database links where there is a password set.
dbms_output.put_line('.'); dbms_output.put_line('Display Database links where there is a password set'); dbms_output.put_line('===================================================='); for lv_links in c_links loop dbms_output.put_line(lv_links.name||' :'||lv_links.host||' :' ||lv_links.userid||' :'||lv_links.password ||' :'||lv_links.authusr||' :'||lv_links.authpwd); end loop; end; /
spool off
ADDITIONAL INFORMATION
The information has been provided by <mailto:pete@peterfinnigan.demon.co.uk> Pete Finnigan of Pentest Limited.
========================================
This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
==================== ====================
DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] AOLserver Unauthorized File Disclosure Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
